<!DOCTYPE html>
<html lang="zh-cn">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Ransomware (WannaCry Worm) Prevention Plan - Feng&#39;s Blog - 大灰鼠的博客</title>
  <meta name="renderer" content="webkit" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>

<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />

<meta name="theme-color" content="#f8f5ec" />
<meta name="msapplication-navbutton-color" content="#f8f5ec">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="#f8f5ec">


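<meta name="author" content="Feng" /><meta name="description" content="Background On the evening of May 12, the WannaCry worm broke out worldwide. According to the BBC, CNN and other media, malicious attackers used Windows 0day exploit tools leaked from the NSA (US National Security Agency) against 99" /><meta name="keywords" content="feng, tinkering, computer repair, mobile phone tips, technical notes, teardown, website building, 快乐悠悠, uu, 悠悠, blog" />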






<meta name="generator" content="Hugo 0.76.5 with theme even" />


<link rel="canonical" href="https://uu126.gitee.io/2017/363.html" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="manifest" href="/manifest.json">
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">



<link href="/sass/main.min.c7bc1becf36bcf6a9ebd25d2947e43a2eb745ddb0c9a32b43126fd7fa460c351.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.1.20/dist/jquery.fancybox.min.css" integrity="sha256-7TyXnr2YU040zfSP+rEcz29ggW4j56/ujTPwjMzyqFY=" crossorigin="anonymous">


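<meta property="og:title" content="Ransomware (WannaCry Worm) Prevention Plan" />
<meta property="og:description" content="Background On the evening of May 12, the WannaCry worm broke out worldwide. According to the BBC, CNN and other media, malicious attackers used Windows 0day exploit tools leaked from the NSA (US National Security Agency) against 99" />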
<meta property="og:type" content="article" />
<meta property="og:url" content="https://uu126.gitee.io/2017/363.html" />
<meta property="article:published_time" content="2017-05-14T15:50:00+00:00" />
<meta property="article:modified_time" content="2017-05-14T15:50:00+00:00" />
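<meta itemprop="name" content="Ransomware (WannaCry Worm) Prevention Plan">
<meta itemprop="description" content="Background On the evening of May 12, the WannaCry worm broke out worldwide. According to the BBC, CNN and other media, malicious attackers used Windows 0day exploit tools leaked from the NSA (US National Security Agency) against 99">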
<meta itemprop="datePublished" content="2017-05-14T15:50:00+00:00" />
<meta itemprop="dateModified" content="2017-05-14T15:50:00+00:00" />
<meta itemprop="wordCount" content="1301">



<meta itemprop="keywords" content="virus," />
<meta name="twitter:card" content="summary"/>
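<meta name="twitter:title" content="Ransomware (WannaCry Worm) Prevention Plan"/>
<meta name="twitter:description" content="Background On the evening of May 12, the WannaCry worm broke out worldwide. According to the BBC, CNN and other media, malicious attackers used Windows 0day exploit tools leaked from the NSA (US National Security Agency) against 99"/>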

<!--[if lte IE 9]>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/classlist/1.1.20170427/classList.min.js"></script>
<![endif]-->

<!--[if lt IE 9]>
  <script src="https://cdn.jsdelivr.net/npm/html5shiv@3.7.3/dist/html5shiv.min.js"></script>
  <script src="https://cdn.jsdelivr.net/npm/respond.js@1.4.2/dest/respond.min.js"></script>
<![endif]-->

</head>
<body>
  <div id="mobile-navbar" class="mobile-navbar">
  <div class="mobile-header-logo">
    <a href="/" class="logo">Feng&#39;s Blog</a>
  </div>
  <div class="mobile-navbar-icon">
    <span></span>
    <span></span>
    <span></span>
  </div>
</div>
<nav id="mobile-menu" class="mobile-menu slideout-menu">
  <ul class="mobile-menu-list">
    <a href="/">
        <li class="mobile-menu-item">Home</li>
      </a><a href="/post/">
        <li class="mobile-menu-item">Archives</li>
      </a><a href="/tags/">
        <li class="mobile-menu-item">Tags</li>
      </a><a href="/links/">
        <li class="mobile-menu-item">Links</li>
      </a><a href="/ly/">
        <li class="mobile-menu-item">Ly</li>
      </a><a href="/about/">
        <li class="mobile-menu-item">About</li>
      </a>
  </ul>
</nav>
  <div class="container" id="mobile-panel">
    <header id="header" class="header">
    </header>

    <main id="main" class="main">
      <div class="content-wrapper">
        <div id="content" class="content">
          <article class="post">
    
    <header class="post-header">
      <h1 class="post-title">Ransomware (WannaCry Worm) Prevention Plan</h1>

      <div class="post-meta">
        <span class="post-time"> 2017-05-14 </span>
        <div class="post-category">
            <a href="/categories/it%E7%BB%BC%E5%90%88%E6%8A%80%E6%9C%AF/"> General IT </a>
            </div>
          <span class="more-meta"> About 1301 words </span>
          <span class="more-meta"> Estimated reading time: 3 minutes </span>
        
      </div>
    </header>

    <div class="post-content">
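      <h4 id="事件背景">Background</h4>
<p>On the evening of May 12, the WannaCry worm broke out worldwide. According to the BBC, CNN and other media, malicious attackers used Windows 0day exploit tools leaked from the NSA (US National Security Agency) to carry out more than 75,000 attacks in 99 countries, mainly affecting the SMB and RDP services and ports 137, 138, 139 and 445.<br>
The Windows versions currently known to be affected include, but are not limited to, the following:</p>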
<ul>
<li>Windows NT</li>
<li>Windows 2000</li>
<li>Windows XP</li>
<li>Windows 2003</li>
<li>Windows Vista</li>
<li>Windows 7</li>
<li>Windows 8</li>
<li>Windows 10</li>
<li>Windows 2008</li>
<li>Windows 2008 R2</li>
<li>Windows Server 2012 SP0</li>
</ul>
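<h4 id="2017-5-16补充">Update, 2017-5-16:</h4>
<p>Download location for the SMB patches for each system affected by the ransomware: link: <a href="http://pan.baidu.com/s/1c1Tx6zY" target="_blank" rel="nofollow">http://pan.baidu.com/s/1c1Tx6zY</a> password: 3jvg</p>
<p>The ransomware originated on the dark web. The attack is broadly compatible and supports multiple languages, many industries have been affected, and university networks in China have been hit especially hard. According to statistics from relevant organizations, tens of thousands of machines in China are currently being attacked by this worm every day, and ATMs, railway stations, self-service terminals, postal services, hospitals, government service terminals and video surveillance systems in China may all come under attack. According to reports, PetroChina gas stations in many parts of the country were unable to take online payments today and could accept only cash. A PetroChina official said a virus attack was suspected and the details were still being verified. As of now, some public security systems have already been compromised.<br>
<img src="https://cdn.uu126.cn/usr/uploads/2017/05/2221204239.png" alt="3d0jo.png" title="3d0jo.png"><br>
If you have run into this problem too, don't worry: below I give suggestions on how to fix this vulnerability.<br>
<img  class="lazyload" data-src="https://cdn.uu126.cn/usr/uploads/2017/05/3149424871.jpg" src="https://cdn.jsdelivr.net/gh/moezx/cdn@3.0.2/img/svg/loader/trans.ajax-spinner-preloader.svg" onerror="imgError(this)"  alt="9y7cc.jpg" title="9y7cc.jpg" /></p>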
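<h4 id="什么是比特币蠕虫病毒">What is the Bitcoin worm?</h4>
<p>The culprit behind this attack is a piece of ransomware named "WannaCry" (Chinese name: 想哭). It has encryption capability: it exploits a Windows security vulnerability on port 445 to get into a computer, encrypts many file types and appends a suffix (.onion) so that users cannot open them. When the documents on a user's computer have been encrypted, the attackers say that payment in Bitcoin is required to unlock them. (Bitcoin is a globally used Internet cryptocurrency.)</p>
<h4 id="漏洞验证">Checking for the vulnerability</h4>
<p>Press <code>Win+R</code> to open the Run window, type <code>cmd</code> to open the command-line tool, then run <code>netstat -an</code> to see whether the corresponding ports are open.<br>
<img   class="lazyload" data-src="https://cdn.uu126.cn/usr/uploads/2017/05/2761870806.jpg" src="https://cdn.jsdelivr.net/gh/moezx/cdn@3.0.2/img/svg/loader/trans.ajax-spinner-preloader.svg" onerror="imgError(this)"  alt="9y7cc.jpg" title="9y7cc.jpg" /></p>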
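<p>The server in the screenshot above has port 445 open, which puts it at high risk of being attacked by the WannaCry worm, so we should close the corresponding ports and fix the vulnerability.</p>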
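<p>As an added example (not code from the original article), the Python script below parses saved <code>netstat -an</code> output and reports which of ports 137, 138, 139 and 445 accept traffic from the network. A plain text search for "445" also matches port 4450 and outbound connections to a remote port 445, which this parser excludes. The sample output is constructed, the function names are illustrative, and the parser assumes English state names such as LISTENING.</p>

```python
import ipaddress

# Ports the article says to look for in `netstat -an` output.
WATCHED_PORTS = {137, 138, 139, 445}

# Constructed sample output (not transcribed from the article's screenshot).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4450         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""


def is_loopback(address):
    """True for 127.0.0.0/8 and ::1, which remote hosts cannot reach."""
    try:
        return ipaddress.ip_address(address.split("%")[0]).is_loopback
    except ValueError:
        return False


def exposed_ports(netstat_text, watched=WATCHED_PORTS):
    """Return sorted (proto, address, port) for watched ports open to the network."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or other text
        # A TCP row counts only in the LISTENING state; UDP rows have no state
        # column, and every bound UDP socket can receive datagrams.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")
        address = address.strip("[]")  # IPv6 is printed as [::]:445
        if not port.isdigit() or int(port) not in watched:
            continue  # exact port match, so 4450 is not mistaken for 445
        if not is_loopback(address):
            findings.add((fields[0], address, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for proto, address, port in exposed_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} is open on {address}")
```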
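<h4 id="漏洞修复">Fixing the vulnerability</h4>
<ul>
<li>Microsoft has released patch MS17-010, which fixes the system vulnerability attacked by "EternalBlue" (永恒之蓝). Install this patch on your computer as soon as possible. The URL is <a href="https://technet.microsoft.com/zh-cn/library/security/MS17-010" target="_blank" rel="nofollow">https://technet.microsoft.com/zh-cn/library/security/MS17-010</a></li>
<li>For machines such as XP and 2003, for which Microsoft no longer provides security updates, it is recommended to use 360's "NSA武器库免疫工具" (NSA Arsenal Immunity Tool) to check whether the system is vulnerable and to close the ports affected by the vulnerability, which protects against ransomware and other malware. The tool can be found in 360电脑安全管家.</li>
<li>Turn on the system firewall and use its "Advanced settings" to block external access to port 445 (this has some impact: it affects services that use port 445).</li>
</ul>
<h4 id="修复脚本">Fix script</h4>
<p>If none of the methods above fixes the vulnerability, you can use my batch script below to try to close the ports and services. The batch file blocks the ports this vulnerability may use and works on all versions; right-click it and run it as administrator. Note that it requires Windows Firewall to be turned on.</p>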
<pre><code class="lang-bat">rem Stop the smart card services and disable them at startup
net stop SCardSvr
net stop SCPolicySvc
rem sc.exe syntax requires a space between "start=" and its value
sc config SCardSvr start= disabled
sc config SCPolicySvc start= disabled
rem Set Windows Firewall (MpsSvc) to start automatically before starting it,
rem otherwise "net start" fails when the service is disabled
sc config MpsSvc start= auto
net start MpsSvc
rem "netsh advfirewall" is available on Windows Vista / Server 2008 and later
netsh advfirewall set allprofiles state on
rem Block inbound NetBIOS (137-139) and SMB (445) traffic
netsh advfirewall firewall add rule name="deny udp 137" dir=in protocol=udp localport=137 action=block
netsh advfirewall firewall add rule name="deny tcp 137" dir=in protocol=tcp localport=137 action=block
netsh advfirewall firewall add rule name="deny udp 138" dir=in protocol=udp localport=138 action=block
netsh advfirewall firewall add rule name="deny tcp 138" dir=in protocol=tcp localport=138 action=block
netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block
netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block
netsh advfirewall firewall add rule name="deny udp 445" dir=in protocol=udp localport=445 action=block
netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block
pause</code></pre>
<p>Reposted from: <a href="https://samzong.me/2017/05/13/fix-Wannacry/" target="_blank" rel="nofollow">https://samzong.me/2017/05/13/fix-Wannacry/</a></p>

    </div>

    <div class="post-copyright">
  <p class="copyright-item">
    <span class="item-title">Author</span>
    <span class="item-content">Feng</span>
  </p>
  <p class="copyright-item">
    <span class="item-title">Last updated</span>
    <span class="item-content">
        2017-05-14
        
    </span>
  </p>
  
  
</div>
<footer class="post-footer">
      <div class="post-tags">
          <a href="/tags/%E7%97%85%E6%AF%92/">Virus</a>
          </div>
    </footer>
  </article>
        </div>
        

  

  

      </div>
    </main>

    <footer id="footer" class="footer">
<div class="copyright">
  <span class="copyright-year">
    &copy; 
    2012 - 
    2020<span class="heart"><i class="iconfont icon-heart"></i></span><span>Feng</span>
  </span>
</div>

    </footer>

  </div>
  <script src="/lib/highlight/highlight.pack.js?v=20171001"></script>
  <script src="https://cdn.jsdelivr.net/npm/jquery@3.2.1/dist/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
  <script src="https://cdn.jsdelivr.net/npm/slideout@1.0.1/dist/slideout.min.js" integrity="sha256-t+zJ/g8/KXIJMjSVQdnibt4dlaDxc9zXr/9oNPeWqdg=" crossorigin="anonymous"></script>
  <script src="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.1.20/dist/jquery.fancybox.min.js" integrity="sha256-XVLffZaxoWfGUEbdzuLi7pwaUJv1cecsQJQqGLe7axY=" crossorigin="anonymous"></script>



<script type="text/javascript" src="/js/main.min.c12618f9a600c40bd024996677e951e64d3487006775aeb22e200c990006c5c7.js"></script>








</body>
</html>
